Backport of UI Hide Secrets Sync from nav if not on license and/or no policy permissions into release/1.17.x #27436


hc-github-team-secure-vault-core
Contributor

Backport

This PR is auto-generated from #27262 to be assessed for backporting due to the inclusion of the label backport/1.17.x.

The below text is copied from the body of the original PR.


Adding the Do not merge label so this is targeted for 1.17.1 and does not get into GA.

  • ent test pass

This PR hides Secrets Sync from the sidebar navigation under the following circumstances. The decision was made to remove the upsell badges because showing Secrets Sync to users who do not have this feature, or who have the feature but do not have any access to the sys/sync endpoint, is an anti-pattern to how the UI currently handles showing/hiding features.

Notes:

  • I do not do any type of redirect or navigation prevention if a user manually finds the Secrets Sync page.
  • I do very little to client counts: I change the name of a getter and use the same flag service getter to show or hide the link to Secrets Sync overview.
  • I do not address the situation where a user—with policy permissions—still cannot activate Secrets Sync from within a namespace. That will be addressed in another PR and targeted for 1.17.1.
  • The permissions paths I gathered from scanning through the sync api.

These changes do the following:

  1. Hides Secrets Sync nav from all OSS users.

  2. Displays only one upsell badge for HVD managed clusters. We cannot tell which tier they are on. In the future this will likely change.

  3. If you're an Enterprise user without Secrets Sync on your license, you will not see it in the sidebar nav.

  4. If you're an Enterprise user with Secrets Sync on your license and it's NOT activated, you will see the sidebar nav (regardless of your policy permissions).

# user bob with the following policy
path "sys/sync/*" {
  capabilities = [ "deny" ]
}

path "sys/activation-flags/secrets-sync/*" {
  capabilities = [ "deny" ]
}


  5. If you're an Enterprise user with Secrets Sync on your license and it IS activated, you will only see Secrets Sync if you have access to sys/sync endpoints.

Below is a user Bob with the ability to read on sys/sync/destinations only, and he can see it.

Below is a user Maria with the default policy (no access to sys/sync); she cannot see it.


Overview of commits
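
The five visibility rules listed in the PR description above, written out as one decision function. This is an added example, not code from the Vault UI or from this PR: the function names, the `cluster` fields, the `'Secrets Sync'` feature string and the order in which the cases are checked are assumptions. The capability arrays are shaped like the per-path results of Vault's `sys/capabilities-self` endpoint.

```javascript
// Added example with hypothetical names; not Vault UI source code.
// capabilitiesByPath looks like { "sys/sync/destinations": ["read"] }.

// True when at least one sys/sync path grants something other than "deny".
function hasSyncAccess(capabilitiesByPath) {
  return Object.entries(capabilitiesByPath || {}).some(([path, caps]) => {
    if (!path.startsWith('sys/sync/')) return false;
    if (!Array.isArray(caps) || caps.length === 0) return false;
    // "deny" overrides every other capability on the same path.
    return !caps.includes('deny');
  });
}

// Returns { visible, upsellBadge, reason } for the Secrets Sync sidebar link.
function secretsSyncNav(cluster, capabilitiesByPath) {
  const hide = (reason) => ({ visible: false, upsellBadge: false, reason });
  const show = (reason, upsellBadge = false) => ({ visible: true, upsellBadge, reason });

  // Rule 2: HVD managed cluster, tier unknown, so a single upsell badge.
  if (cluster.hvdManaged) return show('hvd-managed', true);
  // Rule 1: OSS users never see the link.
  if (!cluster.enterprise) return hide('oss');
  // Rule 3: Enterprise, but the feature is not on the license.
  if (!cluster.licenseFeatures.includes('Secrets Sync')) return hide('not-on-license');
  // Rule 4: licensed but not activated, shown regardless of policy.
  if (!cluster.activated) return show('licensed-not-activated');
  // Rule 5: activated, so visibility follows access to sys/sync endpoints.
  return hasSyncAccess(capabilitiesByPath)
    ? show('has-sync-access')
    : hide('no-sync-access');
}
```

The function only decides whether the link is rendered. Requests to `sys/sync` are still authorized by policy on the server, which is what applies when a user reaches the page directly.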

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/ui/VAULT-27608/hide-secrets-sync-when-no-access/miserably-flying-werewolf branch from 5bd867d to 4db380f Compare June 11, 2024 14:20
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Jun 11, 2024

Build Results:
All builds succeeded! ✅


CI Results:
All Go tests succeeded! ✅

@Monkeychip Monkeychip added the ui label Jun 12, 2024
@Monkeychip Monkeychip added this to the 1.17.1 milestone Jun 12, 2024
…ts-sync-when-no-access/miserably-flying-werewolf
@Monkeychip Monkeychip merged commit 55098d0 into release/1.17.x Jun 12, 2024
24 checks passed
@Monkeychip Monkeychip deleted the backport/ui/VAULT-27608/hide-secrets-sync-when-no-access/miserably-flying-werewolf branch June 12, 2024 16:19
Labels
backport hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed ui